Decrease (-) Restore Default Increase (+)
Bookmark and Share
clear spacerHIPAA





The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health plans to notify plan participants and beneficiaries about its policies and practices to protect the confidentiality of their health information.

This document is intended to satisfy HIPAA's notice requirement with respect to all health information created, received, or maintained by the Norton Healthcare Group Health Plans, the "Plan", as sponsored by Norton Healthcare, the "Company".

The Plan needs to create, receive, and maintain records that contain health information about you to administer the Plan and provide you with health care benefits. This notice describes the Plan's health information privacy policy with respect to your Medical, Prescription Drug, Dental, Vision, and Health Care Flexible Spending Arrangement (FSA), and Employee Assistance Program (EAP) benefits. The notice tells you the ways the Plan may use and disclose health information about you, describes your rights, and the obligations the Plan has regarding the use and disclosure of your health information. However, it does not address the health information policies or practices of your health care providers.

Norton Healthcare's Pledge Regarding Health Information Privacy

The privacy policy and practices of the Plan protects confidential health information that identifies you or could be used to identify you and relates to a physical or mental health condition or the payment of your health care expenses. This individually identifiable health information is known as "protected health information" (PHI). Your PHI will not be used or disclosed without a written authorization from you, except as described in this notice or as otherwise permitted by federal and state health information privacy laws.

Privacy Obligations of the Plan

The Plan is required by law to:

  • Make sure that health information that identifies you is kept private;
  • Give you this notice of the Plan's legal duties and privacy practices with respect to health information about you; and
  • Follow the terms of the notice that is currently in effect.

How the Plan May Use and Disclose Health Information About You

The following are the different ways the Plan may use and disclose your PHI:

For Treatment. The Plan may disclose your PHI to a health care provider who renders treatment on your behalf. For example, if you are unable to provide your medical history as the result of an accident, the Plan may advise an emergency room physician about the types of prescription drugs you currently take.

For Payment. The Plan may use and disclose your PHI so claims for health care treatment, services, and supplies you receive from health care providers may be paid according to the Plan's terms. For example, the Plan may receive and maintain information about surgery you received to enable the Plan to process a hospital's claim for reimbursement of surgical expenses incurred on your behalf.

For Health Care Operations. The Plan may use and disclose your PHI to enable it to operate or operate more efficiently or make certain all of the Plan's participants receive their health benefits. For example, the Plan may use your PHI for case management or to perform population-based studies designed to reduce health care costs. In addition, the Plan may use or disclose your PHI to conduct compliance reviews, audits, actuarial studies, and/or for fraud and abuse detection.

The Plan may also combine health information about many Plan participants and disclose it to the Company in summary fashion so it can decide what coverages the Plan should provide. The Plan may remove information that identifies you from health information disclosed to the Company so it may be used without the Company learning who the specific participants are.

To a Business Associate. Certain services are provided to the Plan by third party administrators known as "business associates." For example, the Plan may input information about your health care treatment into an electronic claims processing system maintained by the Plan's business associate so your claim may be paid. In so doing, the Plan will disclose your PHI to its business associate so it can perform its claims payment function. However, the Plan will require its business associates, through contract, to appropriately safeguard your health information.

Treatment Alternatives. The Plan may use and disclose your PHI to tell you about possible treatment options or alternatives that may be of interest to you.

Health-Related Benefits and Services. The Plan may use and disclose your PHI to tell you about health-related benefits or services that may be of interest to you.

Individual Involved in Your Care or Payment of Your Care. The Plan may disclose PHI to a close friend or family member involved in or who helps pay for your health care. The Plan may also advise a family member or close friend about your condition, your location (for example, that you are in the hospital), or death.

As Required by Law. The Plan will disclose your PHI when required to do so by federal, state, or local law, including those that require the reporting of certain types of wounds or physical injuries.

Special Use and Disclosure Situations

The Plan may also use or disclose your PHI under the following circumstances:

Lawsuits and Disputes. If you become involved in a lawsuit or other legal action, the Plan may disclose your PHI in response to a court or administrative order, a subpoena, warrant, discovery request, or other lawful due process.

Law Enforcement. The Plan may release medical information if asked to do so by a law enforcement official:

  • In response to a valid court order, subpoena, warrant, summons or similar process;
  • In an investigation of a patient's unlawful attempt to obtain a controlled substance through use of the hospital or other Norton facilities.

Workers' Compensation. The Plan may disclose your PHI to the extent authorized by and to the extent necessary to comply with workers' compensation laws other similar programs.

Military and Veterans. If you are or become a member of the U.S. armed forces, the Plan may release medical information about you as deemed necessary by military command authorities.

To Avert Serious Threat to Health or Safety. The Plan may use and disclose your PHI when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person.

Public Health Risks. The Plan may disclose health information about you for public heath activities. These activities include preventing or controlling disease, injury or disability; reporting births and deaths; reporting child abuse or neglect; or reporting reactions to medication or problems with medical products or to notify people of recalls of products they have been using.

Health Oversight Activities. The Plan may disclose your PHI to a health oversight agency for audits, investigations, inspections, and licensure necessary for the government to monitor the health care system and government programs.

Research. Upon patient authorization, the Plan may use and disclose your PHI for medical research purposes.

National Security, Intelligence Activities, and Protective Services. The Plan may release your PHI to authorized federal officials:

  1. For intelligence, counterintelligence, and other national security activities authorized by law and
  2. To enable them to provide protection to the members of the U.S. government or foreign heads of state, or to conduct special investigations.

Organ and Tissue Donation. If you are an organ donor, the Plan may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank to facilitate organ or tissue donation and transplantation.

Coroners, Medical Examiners, and Funerals Directors. The Plan may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. The Plan may also release your PHI to a funeral director, as necessary, to carry out his/her duty.

Your Rights Regarding Health Information About You

Your rights regarding the health information the Plan maintains about you are as follows:

Right to Inspect and Copy. You have the right to inspect and copy your PHI. This includes information about your plan eligibility, claim and appeal records, and billing records, but does not include psychotherapy notes.

To inspect and copy health information maintained by the Plan, submit your request in writing to the Plan Administrator. The Plan may charge a fee for the cost of copying and/or mailing your request. In limited circumstances, the Plan may deny your request to inspect and copy your PHI. Generally, if you are denied access to health information, you may request a review of the denial.

Right to Amend. If you feel that health information the Plan has about you is incorrect or incomplete, you may ask the Plan to amend it. You have the right to request an amendment for as long as the information is kept by or for the Plan.

To request an amendment, send a detailed request in writing to the Plan Administrator. You must provide the reason(s) to support your request. The Plan may deny your request if you ask the Plan to amend health information that was: accurate and complete, not created by the Plan; not part of the health information kept by or for the Plan; or not information that you would be permitted to inspect and copy.

Right to An Accounting of Disclosures. You have the right to request an "accounting of disclosures." This is a list of disclosures of your PHI that the Plan has made to others, except for those necessary to carry out health care treatment, payment, or operations; disclosures made to you; or in certain other situations.

To request an accounting of disclosures, submit your request in writing to the Plan Administrator. Your request must state a time period, which may not be longer than six years prior to the date the accounting was requested and may not include dates before April 14, 2003.

Right to Request Restrictions. You have the right to request a restriction on the health information the Plan uses or disclosures about you for treatment, payment, or health care operations. You also have the right to request a limit on the health information the Plan discloses about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that the Plan not use or disclose information about a surgery you had.

To request restrictions, make your request in writing to the Plan Administrator. You must advise us:

  1. What information you want to limit;
  2. Whether you want to limit the Plan's use, disclosure, or both; and
  3. To whom you want the limit(s) to apply.
  4. Note: The Plan is not required to agree to your request.

Right to Request Confidential Communications. You have the right to request that the Plan communicate with you about health matters in a certain way or at a certain location. For example, you can ask that the Plan send your explanation of benefits (EOB) forms about your benefit claims to a specified address.

To request confidential communications, make your request in writing to the Plan Administrator. The Plan will make every attempt to accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

Right to a Paper Copy of this Notice. You have the right to a paper copy of this notice. You may write to the Plan Administrator to request a written copy of this notice at any time.

Changes to this Notice

The Plan reserves the right to change this notice at any time and to make the revised or changed notice effective for health information the Plan already has about you, as well as any information the Plan receives in the future. The Plan will post a copy of the current notice in the Company's Benefits Office at all times and on the website. Plan participants will be notify 60 days of a material revision.


If you believe your privacy rights under this policy have been violated, you may file a written complaint with the Plan Administrator at the address listed below. Alternatively, you may complain to the Secretary of the U.S. Department of Health and Human Services, generally, within 180 days of when the act or omission complained of occurred.

Note: You will not be penalized or retaliated against for filing a complaint.

Other Uses and Disclosures of Health Information

Other uses and disclosures of health information not covered by this notice or by the laws that apply to the Plan will be made only with your written authorization. If you authorize the Plan to use or disclose your PHI, you may revoke the authorization, in writing, at any time. If you revoke your authorization, the Plan will no longer use or disclosure your PHI for the reasons covered by your written authorization; however, the Plan will not reverse any uses or disclosures already made in reliance on your prior authorization.

Contact Information

If you have any questions about this notice, please contact:

The Norton Healthcare Group Health Plan Administrator
c/o Norton Healthcare
P. O. Box 35070
Louisville, KY 40232-5070
(502) 629-8422

Medical Care

Pregnancy & Prenatal Classes
Weight Loss
Heart Disease
Women's Health
More Medical Care


Immediate Care
Health Centers
Emergency Room
Doctors Offices
Affiliate Hospitals

Patients and Visitors

Pay Your Bill
Request an Appointment
Get Healthy
Support Groups
Fitness Groups
Mobile Applications
Clinical Trials
Online Nursery
Classes and Events
Send an eCard
Patient Stories
Patient and Family Advisory Council
Places to Stay
Say Thanks
Risk Assessments

About Us

Quality Report 
Ways to Help
Community Outreach
Contact Us
(502) 629-1234

Connect with us

© 2015 Norton Healthcare
Serving Kentucky and Southern Indiana